Thanks ... I inherited a site that required an initial login ... as soon as the site was accessed, the first page was a login.aspx page.

It was later decided to have an open website with the previously secured information linked to from the default.aspx page.

Using the .Net 'Solution Explorer', I created a new subdirectory called "dbpages" and, again using the .Net 'Solution Explorer', I cut/pasted all of the original root directory pages and subdirectories into "dbpages".

After a lot of hair pulling / trying web.config files in subdirectories / wandering the web looking for a solution, I read this about <location> and tried it ... thanks much!